Skip to content

Commit

Permalink
Updated ssl pinning mode to have default pinned certificates by default
Browse files Browse the repository at this point in the history
  • Loading branch information
@kcharwood
kcharwood committed Sep 29, 2013
1 parent 9e71033 commit 4350a01
Show file tree
Hide file tree
Showing 3 changed files with 12 additions and 0 deletions.
1 change: 1 addition & 0 deletions AFNetworking/AFSecurityPolicy.m
View file
Original file line number Diff line number Diff line change
Expand Up @@ -154,6 +154,7 @@ + (instancetype)defaultPolicy {
+ (instancetype)policyWithPinningMode:(AFSSLPinningMode)pinningMode {
AFSecurityPolicy *securityPolicy = [[self alloc] init];
securityPolicy.SSLPinningMode = pinningMode;
[securityPolicy setPinnedCertificates:[self defaultPinnedCertificates]];

return securityPolicy;
}
Expand Down
1 change: 1 addition & 0 deletions Example/Classes/AFAppDotNetAPIClient.m
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@ + (instancetype)sharedClient {
static dispatch_once_t onceToken;
dispatch_once(&onceToken, ^{
_sharedClient = [[AFAppDotNetAPIClient alloc] initWithBaseURL:[NSURL URLWithString:AFAppDotNetAPIBaseURLString]];
[_sharedClient setSecurityPolicy:[AFSecurityPolicy policyWithPinningMode:AFSSLPinningModePublicKey]];
});

return _sharedClient;
Expand Down
10 changes: 10 additions & 0 deletions Tests/Tests/AFSecurityPolicyTests.m
View file
Original file line number Diff line number Diff line change
Expand Up @@ -165,4 +165,14 @@ - (void)testPolicyWithPinningModeIsSetToNotAllowInvalidSSLCertificates {
XCTAssert(policy.allowInvalidCertificates == NO, @"policyWithPinningMode: should not allow invalid ssl certificates by default.");
}

- (void)testThatSSLPinningPolicyClassMethodContainsDefaultCertificates{
AFSecurityPolicy *policy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModePublicKey];
XCTAssertNotNil(policy.pinnedCertificates, @"Default certificate array should not be empty for SSL pinning mode policy");
}

- (void)testThatDefaultPinningPolicyClassMethodContainsNoDefaultCertificates{
AFSecurityPolicy *policy = [AFSecurityPolicy defaultPolicy];
XCTAssertNil(policy.pinnedCertificates, @"Default certificate array should be empty for default policy.");
}

@end

0 comments on commit 4350a01

Please sign in to comment.